Creating Custom VIBs For ESXi 5.0 & 5.1 with VIB Author Fling

VMware Labs just released a really cool new Fling called VIB Author, a tool that lets you easily create custom VIBs for your ESXi 5.x hosts. If you have tried to create custom ESXi firewall rules or add custom scripts to your ESXi host, you may have noticed that they do not persist after a system reboot and that you had to play all sorts of games to get the files to persist. The VIB Author tool now solves that problem, and you can even take your custom VIB and integrate it into an Auto Deploy Image Profile using Image Builder. Before you jump right in, be sure to read over the important note in the documentation.

So how does the VIB Author tool work?

You will need to provide two pieces of input: the payload, which is the set of files you wish to include in your VIB, and the descriptor.xml, which contains the metadata for your files. From that, VIB Author can produce a VIB and/or an offline bundle (which can be used with Image Builder).

VIB Author is distributed only as an RPM and you will need to install it on a 32-bit Linux system (sorry, no 64-bit support). In my home setup, I went with CentOS 6.2 i386 as it was free to download and easy to set up, or you may choose to go with SUSE Linux Enterprise 11 SP2, which is the recommended platform per the documentation.

To install the RPM, run the following command:

rpm -ivh vmware-esx-vib-author-5.0.0-0.0.844296.i386.rpm

In the example below, I will show you how to create a custom VIB that contains several different configurations:

Custom Firewall Rule

Custom Startup script (adds a static route)

Custom Files (ghettoVCB)

Disclaimer: The example below is not officially supported by VMware, please thoroughly test this in a development environment before using in production.

Here is the directory structure for the example that we will be going through:

Step 1 - Create your stage directory structure which we will then populate with your payload files as well as the descriptor.xml file.

mkdir -p stage/payloads/payload1

Step 2 - Create your descriptor.xml file which should be placed in the stage directory. For more details on the parameters within the descriptor.xml, please take a look at the documentation.

Step 3 - Create the directory structure and store the files you wish to include under payload1. Ensure the directory structure matches the absolute path of how you want the files to appear on the ESXi host. For example, if you wish to create a file called foo in /etc/vmware/foo, then your directory structure should look like stage/payloads/payload1/etc/vmware/foo

Note: In the documentation, there is a list of default supported paths. If you venture off this supported list, you will need to pass the -f flag both when creating your VIB and when installing it on your ESXi host.

So for our examples we have the following files:

stage/payloads/payload1/etc/vmware/firewall/virtuallyghetto.xml
This one should be pretty straightforward: we are just creating a custom ESXi firewall rule, and the configuration file needs to be placed under /etc/vmware/firewall. Please take a look at this article for more details on creating your own firewall rules.

stage/payloads/payload1/etc/rc.local.d/999.addStaticRoute.sh
This is a custom shell script under /etc/rc.local.d that adds a static route to an ESXi host upon bootup. There may be other startup scripts that get executed, and you do not want to conflict with any system defaults. I recommend you label yours with a high number such as 999 to ensure it is one of the last scripts to execute.

stage/payloads/payload1/opt/ghettoVCB/{ghettoVCB.conf,ghettoVCB-restore.sh,ghettoVCB.sh}
This is a custom set of files that I would like to store in ESXi under the /opt directory; the files are my free ghettoVCB backup script.

Here is a copy of my directory structure (stage.zip) which can be used as a reference.
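
As an added example (not part of the original post or the VIB Author tool), this script lists the absolute path each staged file will occupy on the ESXi host, reports the files outside a set of supported prefixes, and picks out anything that lands in a boot-time script directory. The function names and the prefixes used in the demo are assumptions; take the real supported-path list from the VIB Author documentation.

```sh
#!/bin/sh
# Added example, not from the original post: review a VIB stage directory
# before packaging it.

# Build a throwaway copy of the post's payload layout (constructed, empty files).
make_sample_stage() {
    root="$1/payloads/payload1"
    mkdir -p "$root/etc/vmware/firewall" "$root/etc/rc.local.d" "$root/opt/ghettoVCB"
    : > "$root/etc/vmware/firewall/virtuallyghetto.xml"
    : > "$root/etc/rc.local.d/999.addStaticRoute.sh"
    : > "$root/opt/ghettoVCB/ghettoVCB.sh"
}

# host_paths STAGE_DIR [PAYLOAD]: absolute path each staged file gets on the host.
host_paths() {
    payload_dir="$1/payloads/${2:-payload1}"
    [ -d "$payload_dir" ] || { echo "no payload dir: $payload_dir" >&2; return 1; }
    ( cd "$payload_dir" && find . -type f | sed 's|^\.||' | LC_ALL=C sort )
}

# needs_force STAGE_DIR PREFIX...: host paths outside every given prefix.
# Any output means the VIB will need -f at build and install time.
needs_force() {
    stage="$1"; shift
    host_paths "$stage" | while IFS= read -r path; do
        ok=0
        for prefix in "$@"; do
            case "$path" in "$prefix"/*) ok=1; break ;; esac
        done
        [ "$ok" -eq 1 ] || printf '%s\n' "$path"
    done
}

# boot_scripts STAGE_DIR: staged files that land in boot-time script directories.
boot_scripts() {
    host_paths "$1" | grep -E '^/etc/(rc\.local\.d|init\.d)/' || true
}

# Demo: the prefixes below are placeholders, not the documented list.
demo=$(mktemp -d)
make_sample_stage "$demo/stage"
echo "Files as they will appear on the host:"; host_paths "$demo/stage"
echo "Outside the placeholder prefixes (would need -f):"
needs_force "$demo/stage" /etc/vmware/firewall /opt
echo "Run at boot, review line by line:"; boot_scripts "$demo/stage"
rm -rf "$demo"
```

Running it against your own stage directory before packaging gives a reviewable list of every file the VIB will place on the host.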

Step 4 - Now we are ready to create our VIB and/or offline bundle by specifying our stage directory as input. In this example, we will generate both a VIB as well as an offline bundle containing the same contents. Run the following command:

Note: You need to specify the -f flag to force the installation since we created files in an unsupported path. I have been able to test the VIB and offline bundle installation on both ESXi 5.0 as well as ESXi 5.1

To confirm we have successfully installed our custom VIB, we can query it by running the following command:

esxcli software vib list | grep virtuallyghetto

So there you have it, in just a few steps, you can create your own custom VIBs!

Using this tool I have been trying to get an .sh to load during an AutoDeploy boot that will run the script to set a few RDM LUNs to perennial and speed up the boot time as mentioned in this KB: http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=1016106&sliceId=1&docTypeID=DT_KB_1_1&dialogID=218399559&stateId=0%200%20218397548

I can see the file load during boot and after ESXi is up and running the file is located in the /etc/rc.local.d directory (so I know that is working), however, it does not appear that the script is running as the boot time is still 40-45 minutes. I have tried naming the script file with 999. and 50. and even 1. I know that the script itself works because I can run it from an SSH session after the server is loaded and it runs (I can then restart agents and they restart in seconds instead of 30+ minutes). Any idea why it would not load during boot? Here is what the script looks like:

It looks like within VUM there is a check to prevent VIBs that contain files outside of the supported paths, which is a clue from the error as it points to the start of the section of the descriptor.xml. To confirm, I created a custom VIB, adding a file in the supported path, and I was able to stage & remediate. Looks like you may need to script any custom VIBs OR integrate that into a base ESXi ISO image and import that into VUM (hopefully that’ll work but I’ve not tested)

That only works if you’re using ESXCLI to install the custom VIB which you need to change the acceptance level. The question in the above thread is regarding VUM and from what I can tell, even if you set the proper acceptance level on the ESXi host and use “community” within the custom VIB, the error is thrown as it looks like VUM is not allowing CommunitySupported VIBs to be staged to ESXi host

Is there a way to edit a VIB already installed in the bootbank on an ESXi 5.0 host, or modify the VIB before it's installed? There is an IBM CIM provider that generates a line in cron, and I want to remove the line from the file in the bootbank.

It’ll depend on what was installed, you could edit the changes but since it was installed via a VIB, the change would persist. So you would probably have to do some work to ensure it does not persist. You could edit an existing VIB, but once you bundle it back up it will require you to change your acceptance on the ESXi host since it has been modified from the original source (no longer signed by the vendor). From the sounds of it, you may want to contact IBM and ask them for a FR instead

Has this been tested on 5.5 yet? Any updates? I tried to upgrade a 5.1 instance to 5.5 a couple of days ago and this VIB bombed the install. I was thinking of removing it, upgrading and then re-installing. Any thought?

Are you using the exact same stage example I have? I assume your CentOS build is the same, it should work on newer versions but I’ve not tested it. You can always post on the Flings page for additional help

Is there anything against creating a VIB and marking it as accepted, and just having people install it using ‘esxcli software vib install -v --no-sig-check’ ??? I want to mark it as community acceptance level, but I need to add some file to the /etc/init.d/ folder. Are there terms or conditions that say something marked as ‘accepted’ has to be signed by VMware ???

Not sure I understand the question. If you’re building a custom VIB and you’re not a VMware Certified Partner, then you MUST set the acceptance level of your ESXi host to lowest security level which is “Community Level” for the VIB to be successfully installed.

I was more so referring to creating VIBs that install files to non-default directories. I have a VIB that is community supported, that installs files to /etc/init.d/. Only way to install it is via the ‘-f’ flag. This works, however, now every VIB after this has to be installed with the ‘-f’ flag. Any suggestions?

I have installed the InfiniBand Open Subnet Manager vib manually from the CLI and had to set the software acceptance level to “Community Supported”…. what I have noticed now is that I am now unable to install any patches using VUM unless I first remove the “Community Supported” vib.

Recently (January 2018), I found VIB Author will run on the 64-bit SUSE Linux 11 Enterprise. The 32-bit distro was too hard to find. This Veeam link was also handy, though I had to zypper a couple of other libs after error messages told me those were missing. Then, the vib-author bit ran well.
Good words to you!


Author

William Lam is a Staff Solutions Architect working in the VMware Cloud on AWS team within the Cloud Platform Business Unit (CPBU) at VMware. He focuses on Automation, Integration and Operation of the VMware Software Defined Datacenter (SDDC).